Looking for help composing the Avenger script

Post by GIGISGREEN » Thu Jan 03, 2008 5:26 pm

Hello everyone, since I was unable to install any antivirus, I scanned my system with Kaspersky and confirmed that I have the Bagle worm. I have already done the whole procedure you describe in the pages of your site except for "the finale", that is, I really don't know how to set up the script in "The Avenger". Can anyone give me a hand??? Thanks a lot
Below I report the Kaspersky scan

Thursday, January 03, 2008 2:20:50 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/01/2008
Kaspersky Anti-Virus database records: 501789


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 111084
Number of viruses found 6
Number of infected objects 22
Number of suspicious objects 0
Duration of the scan process 01:15:30

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\ligu\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe/file12 Infected: Trojan.Win32.Inject.ba skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe Inno: infected - 1 skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip ZIP: infected - 2 skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe/WISE0018.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe WiseSFX: infected - 2 skipped

C:\Documents and Settings\ligu\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Dati applicazioni\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\Perflib_Perfdata_90.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\Perflib_Perfdata_aa4.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\Perflib_Perfdata_ab0.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\Rar$EX00.219\2_[PC.-.ITA].CRACK.registrazione.di.30.anni.di.Norton.Antivirus.2004.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\Rar$EX00.265\skin motorola v3xx.exe Infected: not-a-virus:AdWare.Win32.Stud.d skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\~DF167A.tmp Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temp\~DF167F.tmp Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ligu\Impostazioni locali\Temporary Internet Files\Content.IE5\UJWNY9QO\avenger[1].zip Object is locked skipped

C:\Documents and Settings\ligu\ntuser.dat Object is locked skipped

C:\Documents and Settings\ligu\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Creative\Creative Media Lite\CTZDetec.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped

C:\Programmi\Toshiba Connect\InstID.exe Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

C:\Programmi\Toshiba Connect\Interdialer.exe Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\system32\sqltrv32.dll Infected: not-a-virus:AdWare.Win32.Stud.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe/file12 Infected: Trojan.Win32.Inject.ba skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe Inno: infected - 1 skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip ZIP: infected - 2 skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe/WISE0018.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped

E:\FOTO E MOTORI\FILE_DA_INTERNET\flashget\flashget140.exe WiseSFX: infected - 2 skipped

Scan process completed.

I will look at your help, alas, only after midnight today because of work... thanks a lot again

GIGISGREEN
New member
Posts: 6
Joined: Thu Jan 03, 2008 5:11 pm

Post by crazy.cat » Thu Jan 03, 2008 6:30 pm

Disable System Restore (if it is still active)
http://www.MegaLab.it/2330
and after restarting the PC, apply this script; after the further restart, reinstall the antivirus and re-enable System Restore (if you use it)

Files to delete:
C:\WINDOWS\system32\drivers\hidr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe
C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe
C:\Documents and Settings\ligu\Documenti\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip
C:\Documents and Settings\ligu\Impostazioni locali\Temp\Rar$EX00.219\2_[PC.-.ITA].CRACK.registrazione.di.30.anni.di.Norton.Antivirus.2004.exe
C:\Documents and Settings\ligu\Impostazioni locali\Temp\Rar$EX00.265\skin motorola v3xx.exe
C:\Programmi\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\sqltrv32.dll
E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare pro 5.2.5.2 italiano_fastest_BitTorrent_downloader.exe
E:\FOTO E MOTORI\FILE_DA_INTERNET\bearshare.pro.5_fastest_BitTorrent_downloader.zip

folders to delete:
C:\WINDOWS\exefnd
C:\WINDOWS\exefld

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32

crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre
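
An added example, not part of the original posts and not code from The Avenger or Kaspersky: a Python sketch that reads scan-report lines in the format quoted in the first post and derives the on-disk paths for the "Files to delete:" section used in the reply. Entries after a "/" are members inside an archive or installer, so they are collapsed to the container file that actually exists on disk; the function names are hypothetical, and the sample mixes lines copied from the report above with constructed ones.

```python
import re

# Sample input: lines 1, 5 and 6 are copied from the report in this thread;
# the three "sample.zip" lines are constructed for illustration.
SAMPLE = r"""
C:\Documents and Settings\ligu\Cookies\index.dat Object is locked skipped
C:\Download\sample.zip/setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Download\sample.zip/setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Download\sample.zip ZIP: infected - 2 skipped
C:\Programmi\Creative\Creative Media Lite\CTZDetec.exe Infected: Trojan-Downloader.Win32.Bagle.hi skipped
C:\Programmi\Toshiba Connect\InstID.exe Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped
"""

# "<path> Infected: <detection name> <last action>"
LINE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")

def on_disk_target(path):
    # Windows paths use backslashes; the scanner appends archive members
    # with "/", so everything before the first "/" is the real file.
    return path.split("/", 1)[0]

def parse_report(text):
    """Return (malware, riskware): dicts of on-disk path -> detection names."""
    malware, riskware = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # locked objects, container summaries, headers
        bucket = riskware if m["name"].startswith("not-a-virus:") else malware
        bucket.setdefault(on_disk_target(m["path"]), set()).add(m["name"])
    return malware, riskware

def avenger_files_section(malware):
    """Render the de-duplicated paths under the heading used in the reply."""
    return "\n".join(["Files to delete:", *malware])

if __name__ == "__main__":
    malware, riskware = parse_report(SAMPLE)
    print(avenger_files_section(malware))
    print("\nReview separately (not-a-virus detections):")
    for path, names in riskware.items():
        print(f"{path}  [{', '.join(sorted(names))}]")
```

The "not-a-virus" detections are listed apart so that adware and dialer files are reviewed by hand rather than added to the deletion list automatically.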

Perfect, the PC now works correctly

Post by GIGISGREEN » Fri Jan 04, 2008 12:17 am

Thanks for helping me, I would not have been able to compose those scripts. The PC has installed the NOD32 antivirus (the one valid for 30 days).

GIGISGREEN
New member
Posts: 6
Joined: Thu Jan 03, 2008 5:11 pm



megalab.it: daily online publication registered at the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising